• Journal of Digital Contents Society
• /
• v.19 no.1
• /
• pp.93-102
• /
• 2018

This study aims to present policy implications by analyzing information security behavior factors of internet users. The research model, based on PMT and UTAUT2, consists of perceived threat, severity, social influence, self-efficacy, experience and habits, PC and privacy behaviors, security behaviors on new services and set demographic characteristics, use places of internet, use of paid products, and experiences of accident as moderate variables to analyze the effect on security behavior. The results showed that perceived severity, self-efficacy significantly influenced on experience and habits, and experience and habits and self-efficacy had a high influence on PC and privacy behavior. Also, PC and privacy behaviors have a high impact on security behavior of new services. Age, income, use of paid products, and experience of accidents have a moderating effects on security behaviors. The results of this study are expected to help policy decision making to improve the level of information security of internet users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1117-1132
• /
• 2019

Recently, IT technology such as internet, mobile, and IOT has rapidly developed, making it easy to collect data necessary for business, and the collected data is analyzed as a new method of big data analysis and used appropriately for business. In this way, data collection and analysis becomes easy. In such data, personal information including an identifier such as a sensor id, a device number, IP address, or the like may be collected. However, if systematic management is not accompanied by collecting and disposing of large-scale data, violation of relevant laws such as "Personal Data Protection Act". Furthermore, data quality problems can also occur and make incorrect decisions. In this paper, we propose a new data governance maturity model(DGMM) that can identify the personal data contained in the data collected by companies, use it appropriately for the business, protect it, and secure quality. And we also propose a over all implementation process for DG Program.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.89-96
• /
• 2007

Radio Frequency Identification system based on EPC(Electronic Product Code) Network Environment can read or write information of tagged objects, using Rf signals without direct contact. This advantage which is to provide storage ability and contactless property is better than Bar-code system. Mobile RFID system which integrates Mobile system with RFID system will provide new additional service to users. However, an advantage for obtaining information of objects using RF signal causes personal privacy problem. In this paper, we propose techniques that can protect personal privacy based on mobile. Our scheme provides privacy protection of users and is more efficiently than another application service.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.163-171
• /
• 2015

Personal Health Records(PHR) service offers patients a convenient and easy-to-use solution for managing their personal health records, crucial medical files, and emergency contacts. In spite of the indispensable advantages, PHR service brings critical challenges that cannot be avoided from consumer side if the security of the data is concerned. The problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, therefore, we analyze the various security aspects that are vulnerable to the PHR service and needed to be resolved. Moreover, we analyze the security requirements from the point of view of the PHR users and application service providers and provides the PHR security mechanism for addressing PHR security threats and satisfying PHR security requirements.

• Informatization Policy
• /
• v.25 no.2
• /
• pp.84-96
• /
• 2018

The right to be forgotten means the right of people to request information and communication providers to delete their information online. As the number of people asking for deletion of their past embarrassing or negative online activities is increasing, discussions are being raised on the introduction of the right to be forgotten in South Korea. However, previous research on the right to be forgotten mainly deals with the legal concept, with insufficient consideration of economic value. The main purpose of this research is to examine social perception towards the right to be forgotten and to estimate its economic value quantitatively. According to the results, there are concerns about disclosure of personal information, but with lack of awareness on the right to be forgotten. The monthly average amount that a person is willing to pay to be forgotten is 1,218 Korean won (11 US dollars) and the total economic value is estimated to be about 540 billion won (490 million dollars) per year in 2017. Especially, those who have experienced leakage of personal information put higher value to the right to be forgotten. These results can be useful for making decisions about the right to be forgotten in the future.

• Review of KIISC
• /
• v.5 no.2
• /
• pp.5-25
• /
• 1995

정보화사회의 진전에 따라 정보에 대한 중요성이 부각되고 이에 대한 많은 논의가 계속되고 있는 가운데 이의 보호문제는 법·제도적인 측면보다는 주로 기술적인 측면에서 다루어져 왔다. 그러나 최근에는 효과적인 정보보호를 위해서 법·제도적인 보장도 중요한 요인이라는 인식하에 이와 관련된 여러 법규들이 제·개정되고 있다 이러한 개별법의 제·개정을 통하여 과거에 문제되었던 개인정보나 통신비밀의 보호문제는 이제 어느 정도 효과적으로 대응할 수 있게 되었다. 그러나 현재의 법규들은 새롭게 등장한 정보 침해문제의 대응에 급급한 나머지 관계법간의 상호조정이 이루어지지 못한 상황이다. 이에, 본 고는 이러한 문제점들을 보완하기 위한 하나의 시도로써 정보보호문제와 관련된 전체법체계를 면밀히 검토하여 향후 정보보호관련 법규의 재정비 및 심화되는 정보보호 문제 해결에 도움을 주고자 한다. 특히 이러한 정보보호문제는 범국가적으로 추진하고 있는 정보화전략 이른바 초고속정보통신망사업에서의 정보보호 문제에도 좋은 기초자료가 되리라 기대한다.

• Journal of Legislation Research
• /
• no.53
• /
• pp.177-211
• /
• 2017

In the course of the emergence and development of new ICT technologies and services such as Big Data, Internet of Things and Artificial Intelligence, the future will change by these new innovations in the Fourth Industrial Revolution. The future of this fourth industrial revolution will change and our future will be data-based society or economy. Since there is personal information at the center of it, the development of the economy through the utilization of personal information will depend on how to make the personal information protection laws. In Korea, which is trying to lead the 4th industrial revolution, it is a legal interest that can not give up the use of personal information, and also it is an important legal benefit that can not give up the personal interests of individuals who want to protect from personal information. Therefore, it is necessary to change the law on personal information protection in a rational way to harmonize the two. In this regard, this article discusses the problems of duplication and incompatibility of the personal information protection law, the scope of application of the personal information protection law and the uncertainty of the judgment standard, the lack of flexibility responding to the demand for the use of reasonable personal information, And there is a problem of reverse discrimination against domestic area compared to the regulated blind spot in foreign countries. In order to solve these problems and to improve the legislation of personal information protection in the era of the fourth industrial revolution, we proposed to consider both personal information protection and safe use by improving the purpose and regulation direction of the personal information protection law. The balance and harmony between the systematical maintenance of the personal information protection legislation and laws and regulations were also set as important directions. It is pointed out that the establishment of rational judgment criteria and the legislative review to clarify it are necessary for the constantly controversial personal information definition regulation and the method of allowing anonymization information as the intermediate domain. In addition to the legislative review for the legitimate and non-invasive use of personal information, there is a need to improve the collective consent system for collecting personal information to differentiate the subject and to improve the legislation to ensure the effectiveness of the regulation on the movement of personal information between countries. In addition to the issues discussed in this article, there may be a number of challenges, but overall, the protection and use of personal information should be harmonized while maintaining the direction indicated above.

• Korean Security Journal
• /
• no.17
• /
• pp.255-276
• /
• 2008

The important items, which should be considered in Private Investigation Law, can include subjects, licenses, the scope of business, qualifying examinations, and supervisory and penal provisions. The subjects of Private Investigation Law should be permitted to be both natural persons and juridical persons in terms of providing various services, but should be permitted to be juridical persons and should be administered on a license system, even in order to ensure public interests. Concretely, the introduction scope of Private Investigation Law can be regulated to include the followings: that is, investigating the whereabouts identification of runaways and missing children, investigating the personal identification, habit, way of action, motivation, whereabouts identification, real child confirmation, association, transaction, reputation, and personality of specific persons or specific groups, investigating the whereabouts identification of missing persons, owners of government-vested properties or renounced properties, investigating the whereabouts of lost properties or stolen properties, investigating the causes of fire, character defamation, slander, damage, accident, physical disability, infringement on real estate or movable property, and investigating all sorts of accidents including traffic accidents, insurance accidents, and medical malpractices. In the qualifying examination, examinees' age should be restricted to be over age 25. The person, who is exempted from its primary examination, should be restricted to be the person, who has the career of over 20 years in related fields, in consideration of its equity with other certificates of qualification. In the supervisory institution, as the policy institution is the supervisory institution in many countries including France (the police) and Japan (public security committee), so the National Policy Agency should be the supervisory institution in consideration of management aspects. In the penal regulations, especially, we should clarify the management of personal information (personal information protection, personal information management), and so should prevent the infringement of people's basic rights, and then should ensure the public interest.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.4
• /
• pp.71-76
• /
• 2016

In this study, de-identification policies of the US, the UK, Japan, China and Korea are compared to suggest a future direction of de-identification regulations and a method for vitalizing the big data industry. Efficiently using the de-identification technology and the standard of adequacy evaluation contributes to using personal information for the industry to develop services and technology while not violating the right of private lives and avoiding the restrictions specified in the Personal Information Protection Act. As a counteraction, the re-identification issue may occur, for re-identifying each person as a de-identified data collection. From the perspective of business, it is necessary to mitigate schemes for discarding some regulations and using big data, and also necessary to strengthen security and refine regulations from the perspective of information security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.531-543
• /
• 2013

The destruction and prejudice of major infrastructure such as energy, broadcast, communication and transportation could result in a threat to individual rights and liberties, as well as social and economic losses. If a traffic signal control facilities have been violated, the lives of the citizens discomfort as well as causing social disruption such as traffic accident. Because the control system is operating as a closed network and you think it is safe, the information protection system has not been built or security patches and anti-virus updates do not work properly. So, cyber attacks by security vulnerabilities are exposed. Therefore, there is a need to identify the characteristics of the system, and develop appropriate countermeasures in order to prevent cyber attacks and prejudices incidents. This paper examines the vulnerabilities of Intelligent Transport Systems and proposes the improvement of security vulnerabilities.